
Cannot Authenticate with Keycloak Server when Keycloak Uses a Self-Signed Certificate

chanwitkepha202
Champ in-the-making

Dear all, I have tested Alfresco Community 7.1 with Keycloak.
My Keycloak uses HTTPS (self-signed certificate).

My alfresco-global.properties (Alfresco Repository)

# ==============================
# Authenticate with Keycloak
# =============================

# Authentication Subsystem Chain
authentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm

# Alfresco Identity Service configuration
identity-service.enable-basic-auth=true
identity-service.authentication.validation.failure.silent=false

# Keycloak Internal Server with Self Sign Certificate
identity-service.auth-server-url=https://192.168.10.25/auth

identity-service.realm=guru
identity-service.resource=alfresco-client
identity-service.public-client=true
identity-service.ssl-required=none

csrf.filter.referer=https://192.168.11.22:443
csrf.filter.origin=https://192.168.11.22:443/*

aims.enabled=true
aims.realm=guru
aims.resource=alfresco-client

# Keycloak Internal Server with Self Sign Certificate
aims.authServerUrl=https://192.168.10.25/auth

aims.publicClient=true


My share-config-custom.xml (Alfresco Share)

<alfresco-config>

   <config evaluator="string-compare" condition="Users" replace="true">
      <users>
         <username-min-length>2</username-min-length>
         <password-min-length>3</password-min-length>
         <show-authorization-status>false</show-authorization-status>
      </users>
      <enable-external-users-panel>false</enable-external-users-panel>
   </config>


   <config evaluator="string-compare" condition="AIMS">
     <enabled>true</enabled>
     <realm>guru</realm>
     <resource>alfresco-client</resource>
     <authServerUrl>https://192.168.10.25/auth</authServerUrl>
     <sslRequired>none</sslRequired>
     <publicClient>true</publicClient>
   </config>

</alfresco-config>


When I start Alfresco with the docker compose command, it shows an error like this:


[3 images showing the error]

But if I use another Keycloak server on a public cloud with a valid certificate (Let's Encrypt), it works without problems.


My question is: how do I configure Alfresco to work with an internal Keycloak server that uses a self-signed certificate?

Thank you  
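
An added example (not part of the original post or of any reply): the repository side of this setup with the self-signed Keycloak certificate trusted explicitly through the Identity Service subsystem's truststore properties, next to the trust-disabling settings that hide the error by removing server authentication. The truststore path, alias, password and certificate file name are placeholders, and the fragment covers alfresco-global.properties only, not Share.

```properties
# Build a truststore that holds only the internal Keycloak certificate,
# then mount the file into the repository container (placeholder names):
#   keytool -importcert -noprompt -alias keycloak-internal \
#     -file keycloak.crt \
#     -keystore /path/to/keycloak.truststore \
#     -storepass <truststore-password>

# Keycloak internal server from the post
identity-service.auth-server-url=https://192.168.10.25/auth
identity-service.realm=guru
identity-service.resource=alfresco-client
identity-service.public-client=true

# --- Weak: accepts any certificate and any host name, so the repository can
# --- no longer tell the real Keycloak from an impersonating server.
# identity-service.disable-trust-manager=true
# identity-service.allow-any-hostname=true

# --- Corrected: keep validation on and trust exactly the imported certificate.
identity-service.disable-trust-manager=false
identity-service.allow-any-hostname=false
identity-service.truststore=/path/to/keycloak.truststore
identity-service.truststore-password=<truststore-password>

# Host name verification stays enabled, so the self-signed certificate must
# list 192.168.10.25 as an IP subjectAltName (or the URL must use a DNS name
# that the certificate carries).
```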

1 REPLY

unibravo
Confirmed Champ